I know it's possible (but rather hard as it involves using acid on the chip) to read flash memory from a MCU. However how hard is it to read the ram of an MCU while it is running? Corrollary question is: how safe is it to store a secret in the ram of an MCU? I know that when MCU is reset of powered off secret is lost but it is not a problem in the application we're looking into.
Asked
Active
Viewed 90 times
3
-
Fun question, I hope someone can shed some light on it. One issue you've not mentioned is that it may be possible, by supercooling the chips, to get the RAM to retain information long enough to read it even after it has been powered off. If you want really top security, you need a specialist chip. – Julian Knight Sep 26 '16 at 19:47
-
@JulianKnight Thanks, didn't know cooling could increase data retention times. I found this interesting [article](http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-536.html) about the subject. However in the case of an MCU, it seems that accessing to the ram seems quite complex as ram is embedded in the chip, right? – Vincz777 Sep 26 '16 at 22:10
-
I would think that it is complex no matter what! :-) I honestly don't know how easy it would be to do in practice. That's why I've not given you an answer. – Julian Knight Sep 26 '16 at 22:30
-
You can. This issue is usually mitigated by using a secure enclave with it's own ROM and RAM, physically bonded in a way that taking it apart is always destructive beyond readability. Expensive off the shelf chips that have this exist. – John Keates Sep 26 '16 at 23:22
-
1Perhaps some of the answers at https://security.stackexchange.com/questions/119488/what-buses-carrying-sensitive-information-on-a-running-computer-are-vulnerable-t could help (though it is more particular to DRAM). – forest Nov 29 '17 at 20:51
-
@Vincz777 It depends on what kind of RAM is present. CMOS RAM can actually be "frozen" by a strong burst of X-rays at a certain frequency. There are also many ways to mount glitching attacks on MCUs to freeze the memory or make it readable. – forest Nov 13 '18 at 04:23